Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6317

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2007-6317
Last Modified 05 Sep 2008 05:32:56
Published 11 Dec 2007 07:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-6317

Summary

Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.

Vulnerable Systems

Application

  • Real Time Logic Barracudadrive Web Server 3.7.2

  • Real Time Logic Barracudadrive Web Server Home Server 3.7.2


References

BID - 26805

BUGTRAQ - 20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2

SECUNIA - 28032

MISC - http://aluigi.altervista.org/adv/barradrive-adv.txt

SREASON - 3434


Last Updated: 27 May 2016 10:46:28